The present invention relates to an access control method, system, device, program, and a recording medium and in particular, to a method, system, device, program, and a recording medium for performing access control to a service provided via a network.
Currently, various services are provided in networks such as the Internet and an enterprise network (Intranet). When using a service on a network, a user first connects a terminal device to the network. For this, permission for connection from the operation administrator of the network may be required. Here, the network operation administrator authenticates the user in order to judge whether to permit the connection. For example, in order to connect to the Internet, permission for connection must be obtained from the ISP (Internet Service Provider). Here, the authentication is performed by inputting an identifier for identifying the ISP user and a password for confirming that the user identified by it is the user himself/herself, using, for example, the PPP (Point-to-Point Protocol) (for the PPP, see "The Point-to-Point Protocol (PPP)", RFC1661, IETF).
As another example, when making connection to the Intranet in an enterprise, permission for connection may be required. Here, authentication is performed by inputting an identifier for identifying the Intranet user and a password by using, for example, IEEE 802.1x.
On the other hand, among the services provided on the network, there are services which are provided only to particular users or whose contents differ for the respective users. In such services, a user is identified so that a use authority can be assigned, and the user must be authenticated by the service provider. Here, the authentication is performed by inputting an identifier for identifying the service user and a password, using a protocol positioned at an upper layer of the OSI reference model, such as the HTTP (Hypertext Transfer Protocol) (for the HTTP, see "Hypertext Transfer Protocol HTTP/1.1", RFC2616, IETF). It should be noted that in the aforementioned authentication, as the information for confirming the user himself/herself, a public key certificate or biometric information may be used besides the password.
When performing authentication, there is the problem of spoofing, i.e., an unauthorized person illegally uses another person's identifier and password and thereby uses a service. Such spoofing results in charges of which the owner of the identifier and password is unaware, and in the leak of confidential information. When biometric information is used for authenticating a user, spoofing becomes difficult. However, authentication using biometric information requires a special device and software, so its use is limited to admission control requiring strict authentication and it is not widely used on the network.
In general, different administrators perform authentication and authorization for network connection and authentication and authorization for using a service. For this reason, different identifiers are used in the respective authentication processes, and no check is made as to whether the different identifiers belong to the same person. Accordingly, a service can be used even when, for example, the connection to the Internet is made with the identifier and password validly owned by the user but another person's identifier and password are used for the service. To cope with this, spoofing may be prevented by checking the correlation between the different identifiers so as to judge whether the user permitted to connect to the network is the same person as the one who is going to receive the service. At either stage, once authentication and authorization are completed, the packets subsequently transmitted from the user contain no identifier used for authentication. Instead, it is often the case that a temporary identifier valid only for the authorized use is assigned and contained in the packets. For example, a network using IP (Internet Protocol), such as the Internet, often uses an IP address indicating the position on the network as the temporary identifier. Therefore, when authentication for using a service provided on an IP network is performed, the identifier used for authentication to the service is transmitted in a packet whose transmission source is the IP address assigned as a result of permission to connect to the network.
Accordingly, by correlating, for each user, the IP address of the transmission source of the packet with the identifier used for authentication to the service, it is possible to check whether the user permitted to connect to the network is the same person as the user who is going to receive the service. For example, there is a technique in which an IPv6 (Internet Protocol version 6) address containing the identifier for using a service in its least significant 64 bits is assigned to the device used by a user of the network service; when the service is used, the identifier presented by the user is compared with the IPv6 address so as to check whether the IPv6 address contains that user identifier (for example, JP-A-2003-132030).
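The following is an added illustration of the check described in the preceding paragraph; it is not code from the patent or from the cited JP-A-2003-132030. The encoding of the identifier into the least significant 64 bits (the identifier's ASCII bytes, right-aligned and zero-padded in the 8-byte interface-identifier field), the documentation prefix 2001:db8::/64 and the user names are all constructed assumptions; the page only states that the identifier is contained in the low 64 bits.

```python
import ipaddress

# The interface identifier is the least significant 64 bits of an IPv6 address.
IID_BITS = 64
IID_BYTES = IID_BITS // 8
IID_MASK = (1 << IID_BITS) - 1


def embed_identifier(prefix: str, user_id: str) -> str:
    """Return an IPv6 address in `prefix` (a /64) whose low 64 bits carry `user_id`.

    Encoding is an assumption for illustration: the identifier's ASCII bytes are
    placed right-aligned in the 8-byte field, left-padded with zero bytes.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("a /64 prefix is required so the identifier fills the low 64 bits")
    raw = user_id.encode("ascii")
    if not raw or len(raw) > IID_BYTES:
        raise ValueError("identifier must be 1..8 ASCII bytes to fit the interface identifier")
    iid = int.from_bytes(raw.rjust(IID_BYTES, b"\x00"), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def identifier_from_address(addr: str) -> str:
    """Extract the identifier embedded in the low 64 bits of `addr` (inverse of embed_identifier)."""
    low = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return low.to_bytes(IID_BYTES, "big").lstrip(b"\x00").decode("ascii", errors="replace")


def service_login_matches_source(src_addr: str, presented_id: str) -> bool:
    """Check performed on the service side: does the source address of the login
    packet carry the same identifier the user presented for service authentication?"""
    try:
        return identifier_from_address(src_addr) == presented_id
    except ipaddress.AddressValueError:
        # Not an IPv6 source at all (e.g. an IPv4 address): the check cannot be
        # made, so fail closed rather than accept.
        return False


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, fictitious users).
    alice_addr = embed_identifier("2001:db8::/64", "alice")
    print(alice_addr)                                         # 2001:db8::61:6c69:6365
    print(service_login_matches_source(alice_addr, "alice"))  # True
    # Another person's identifier presented from alice's address is rejected.
    print(service_login_matches_source(alice_addr, "bob"))    # False
```

The check only holds as long as the address-to-identifier correlation is fixed, which is exactly the premise the following paragraphs question.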
However, in current networks it is common for the correlation between the IP address and the identifier for using a service to change dynamically.
For example, in the current Internet and in enterprise networks, the IPv4 (Internet Protocol version 4) address is used as the IP address. Because of the worldwide address shortage, an address that has been assigned to a user but is no longer needed by that user is reassigned to another user.
Accordingly, the method disclosed in JP-A-2003-1132030, which assumes that the correlation between the IP address and the identifier for using a service is unchanged, is insufficient for checking whether a user on the network is the same person.
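As an added example, not part of the patent text, the following Python models the problem stated above: an IPv4 address is released by one user and reassigned to another, so a correlation captured once becomes stale. A check against a fixed snapshot accepts a service login with the first user's identifier from the reassigned address, whereas a check against the connection administrator's assignment history, evaluated at the time of the request, does not. The lease history, the mapping from service identifiers to connection identifiers, the address 192.0.2.10 and the timeline are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional


@dataclass
class Lease:
    """One period during which an IPv4 address was assigned to a network-connection identifier."""
    ip: str
    connection_user: str
    start: datetime
    end: Optional[datetime] = None  # None means the address is still assigned

    def covers(self, when: datetime) -> bool:
        return self.start <= when and (self.end is None or when < self.end)


@dataclass
class BindingTable:
    """Assignment history as the network side could record it at connect and disconnect time."""
    leases: List[Lease] = field(default_factory=list)

    def assign(self, ip: str, connection_user: str, at: datetime) -> None:
        if self.connection_user_at(ip, at) is not None:
            raise ValueError(f"{ip} is still assigned at {at.isoformat()}")
        self.leases.append(Lease(ip, connection_user, at))

    def release(self, ip: str, at: datetime) -> None:
        for lease in self.leases:
            if lease.ip == ip and lease.end is None:
                lease.end = at
                return
        raise ValueError(f"{ip} has no open lease")

    def connection_user_at(self, ip: str, when: datetime) -> Optional[str]:
        for lease in self.leases:
            if lease.ip == ip and lease.covers(when):
                return lease.connection_user
        return None


# Constructed correlation between the service identifier and the connection identifier;
# the page notes that these are in general different identifiers.
SERVICE_TO_CONNECTION: Dict[str, str] = {"alice@svc": "alice", "bob@svc": "bob"}


def static_check(static_map: Dict[str, str], src_ip: str, service_user: str) -> bool:
    """The fixed-correlation approach: compare against a map captured once and never updated."""
    return static_map.get(src_ip) == SERVICE_TO_CONNECTION.get(service_user)


def lease_aware_check(table: BindingTable, src_ip: str, service_user: str, when: datetime) -> bool:
    """Same-person check that looks up who held the source address at the time of the request."""
    holder = table.connection_user_at(src_ip, when)
    if holder is None:
        return False  # address assigned to nobody at that moment: fail closed
    return holder == SERVICE_TO_CONNECTION.get(service_user)


def build_scenario() -> BindingTable:
    """Constructed timeline: alice holds 192.0.2.10, disconnects, the address is reused by bob."""
    table = BindingTable()
    table.assign("192.0.2.10", "alice", datetime(2024, 1, 1, 9, 0))
    table.release("192.0.2.10", datetime(2024, 1, 1, 10, 0))
    table.assign("192.0.2.10", "bob", datetime(2024, 1, 1, 10, 30))
    return table


if __name__ == "__main__":
    table = build_scenario()
    snapshot = {"192.0.2.10": "alice"}  # correlation recorded at 09:00 and never refreshed
    at_11 = datetime(2024, 1, 1, 11, 0)
    # 11:00: a service login as alice@svc arrives from 192.0.2.10, which bob now holds.
    print(static_check(snapshot, "192.0.2.10", "alice@svc"))           # True (stale map accepts it)
    print(lease_aware_check(table, "192.0.2.10", "alice@svc", at_11))  # False (address is bob's now)
    print(lease_aware_check(table, "192.0.2.10", "bob@svc", at_11))    # True
    # 10:15: nobody holds the address, so no same-person judgement is possible.
    print(lease_aware_check(table, "192.0.2.10", "bob@svc", datetime(2024, 1, 1, 10, 15)))  # False
```

The point of the contrast is that a same-person check on a dynamically assigned address needs the assignment history from the connection side, with the time of the request, rather than a one-time correlation.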